CVE-2006-5201

Publication date 10 October 2006

Last updated 17 July 2025

Ubuntu priority

Description

Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and JRE 5.0 Update 8 and earlier, SDK and JRE 1.4.x up to 1.4.2_12, and SDK and JRE 1.3.x up to 1.3.1_19; (3) JSSE 1.0.3_03 and earlier; (4) IPSec/IKE; (5) Secure Global Desktop; and (6) StarOffice, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key and prevents these products from correctly verifying X.509 and other certificates that use PKCS #1.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
sun-java5	9.10 karmic	Not in release
	9.04 jaunty	Fixed 1.5.0-11-1ubuntu2
	8.10 intrepid	Fixed 1.5.0-11-1ubuntu2
	8.04 LTS hardy	Fixed 1.5.0-11-1ubuntu2
	7.10 gutsy	Fixed 1.5.0-11-1ubuntu2
	7.04 feisty	Fixed 1.5.0-11-1ubuntu2
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Ignored end of life
sun-java6	9.10 karmic	Fixed 6-00-2ubuntu2
	9.04 jaunty	Fixed 6-00-2ubuntu2
	8.10 intrepid	Fixed 6-00-2ubuntu2
	8.04 LTS hardy	Fixed 6-00-2ubuntu2
	7.10 gutsy	Fixed 6-00-2ubuntu2
	7.04 feisty	Fixed 6-00-2ubuntu2
	6.10 edgy	Not in release
	6.06 LTS dapper	Not in release

References

Other references

https://www.cve.org/CVERecord?id=CVE-2006-5201